C H A P T E R 5 - Diagnostics and Troubleshooting

This chapter describes diagnostic tests and troubleshooting for the Sun Crypto Accelerator 1000 software. This chapter includes the following sections:

SunVTS Diagnostic Software

SunVTS is Sun's Validation Test Suite software that focuses on testing the system level network and cryptographic functionality of the Sun Crypto Accelerator 1000 subsystem (driver and hardware). The core SunVTS wrapper provides test control and a user interface to a suite of system level tests. These tests are delivered with packages SUNWvts and SUNWvtsts to make up a bundle that is contained on the Solaris 10 Software DVDs, and also available for download at http://www.sun.com/oem/vts.

The Sun Crypto Accelerator 1000 board can be tested by the SunVTS test, cryptotest, that is bundled with the core SunVTS software beginning with SunVTS 6.0 Patch Set 1 (PS1) released with Solaris 10. cryptotest provides diagnostics of the cryptographic circuitry of the board.

Refer to the SunVTS 6.0 Patch Set 1 Documentation Supplement for instructions on how to perform and monitor the diagnostics provided with cryptotest. This document is available at: http://www.sun.com/products-n-solutions/hardware/docs/Software/Diagnostics/index.html

Installing SunVTS

The SunVTS test cryptotest delivered in the SUNWvts and SUNWvtsts packages on the Solaris Software DVD, provides diagnostics for the Sun Crypto Accelerator 1000 board. SUNWvts and SUNWvtsts packages from SunVTS 6.0.1 or later must be installed. Refer to the SunVTS user's guide for installation instructions.

Troubleshooting the Sun Crypto Accelerator 1000

To determine whether the Sun Crypto Accelerator 1000 device is listed in the system: from the OpenBoot PROM (OBP) prompt, type show-devs to display the list of devices. You should see lines in the list of devices, similar to the examples below, specific to the Sun Crypto Accelerator 1000 board:

ok show-devs

 . . .

/pci@1f,0/pci@1/pci108e,5455@2

 . . .

In the above example, the pci108e,5455 identifies the device path to the Sun Crypto Accelerator 1000 board. There is no firmware on this board, so OBP level diagnostics are not available.

Using kstat to Determine Cryptographic Activity

The Sun Crypto Accelerator 1000 board does not contain lights or other indicators to reflect cryptographic activity on the board. In order to determine whether cryptographic work requests are actually being performed on the board, use the kstat(1M) command to display the device usage:

# kstat -m dca -i 0 -n dca0

module: dca                     instance: 0

name:   dca0                    class:    misc

        3desbytes               3040

        3desjobs                5

        crtime                  65.342725895

        dsasign                 0

        dsaverify               0

        rngbytes                10592

        rngjobs                 187

        rngsha1bytes            16328

        rngsha1jobs             327

        rsaprivate              9

        rsapublic               0

        snaptime                106956.467004482

Displaying the kstat information indicates whether cryptographic requests or "jobs" are being sent to the Sun Crypto Accelerator 1000 board. A change in the "jobs" values over time indicates that the board is accelerating cryptographic work requests sent to the Sun Crypto Accelerator 1000 board. If cryptographic work requests are not being sent to the board, verify your web server configuration per the web server specific configuration.

Sun's Predictive Self-Healing

Solaris 10 introduces a new architecture for building and deploying systems and services capable of Predictive Self-Healing. The dca driver delivers an error telemetry for diagnosis of hardware and software problems by the Solaris Fault Manager, fmd(1M).

When problems are detected by the dca driver, error reports are sent to the fault manager daemon for diagnosis and logging. The fmdump(1M) utility can be used to view the list of problems diagnosed by the fault manager, along with their Universal Unique Identifiers (UUIDs) and knowledge article message identifiers. The fmadm(1M) utility can be used to view the resources on the system believed to be faulty. The fmstat(1M) utility can be used to report statistics kept by the fault manager. The fault manager is started automatically when Solaris boots, so it is not necessary to use the fmd command directly. Refer to the man pages for more details regarding the use of these tools.

The fault manager also sends a message to the syslogd(1M) service to notify an administrator that a problem has been detected. The message directs administrators to a knowledge article at http://www.sun.com/msg/, which explains more about the problem impact and appropriate responses. A brief description of the problem and the action required by the administrator is also provided in the message.